Ransomware Snake: under the radar?

This ransomware is notable mostly because it’s trying really hard to avoid detection, harder than most ransomware do. For more information on the ransomware itself, first specialized articles detail its advanced obfuscation level. Here is an update on the behaviour of Stormshield Endpoint Security and Stormshield Network Security.


Stormshield Endpoint Security – threat management

Interestingly enough, all found technical materials deal with one specific malicious binary, and the malware is not packed in any way.
Blocking the execution of the malware’s specific hash could then be efficient to block SNAKE, at least this specific version.

Hash: e5262db186c97bbe533f0a674b08ecdafa3798ea7bc17c705df526419c168b60

And as with all ransomware, one of the most effective ways to stop it is to use SES Application Control to allow only specific applications to access known file extensions. For example to prevent abnormal processes from accessing Microsoft Office documents, allow only Office applications to access Office documents.


Stormshield Network Security – threat management

Breach Fighter and SNS Premium Antivirus options both detect the binary described above.

In general, Breach Fighter option is also able to detect data encryption operations performed by ransomware, even when the binary hash is not known yet.

Share on

[juiz_sps buttons="facebook, twitter, linkedin, mail"]
Need help configuring your Stormshield products? Take a look at the Stormshield Technical Documentation site.

About the author

Julien Paffumi
Senior Product Manager, Stormshield

Julien made his first foray into Arkoon’s R&D as a quality engineer. He then directly trained administrators and acquired broad knowledge of their needs – an invaluable experience for his next role as Product Manager of Arkoon Fast360 firewalls, and then of the Stormshield Management Center centralised administration console. Eager to share what he has learned, Julien now works in continuous improvement for Product Management at Stormshield as a Senior Product Manager. This cross-cutting role also feeds his never-ending curiosity thanks to its broader approach to Stormshield solutions.